10581588

Methods for Protecting Substitution Operation Using Substitution Table Against a Side-Channel Analysis

Published: March 3, 2020
Assignee: not available in USPTO data
Patent Claims
23 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method for protecting execution, by a circuit, of a substitution operation in which an output data is selected in an original substitution table, the substitution operation being included in a cryptographic operation for encrypting or decrypting an input data, the input data of the substitution operation being based on the input data of the cryptographic operation, the method comprising: generating, by the circuit, a new masked substitution table obtained from the original substitution table to perform the substitution operation, the input data being combined by Exclusive OR (XOR) operations with a new value of a first mask parameter to obtain a masked input data, and the output data being combined by the XOR operations with a new value of a second mask parameter to obtain a masked output data, the generating the new masked substitution table comprising: selecting, by the circuit, a first input mask and a second input mask; computing, by the circuit, the new value of the first mask parameter by applying the XOR operations to a previous value of the first mask parameter and to the first input mask; computing, by the circuit, the new value of the second mask parameter by applying the XOR operations to a previous value of the second mask parameter and to the second input mask; selecting, by the circuit, each value in a previous masked substitution table obtained from the original substitution table; and for each selected value: computing, by the circuit, a masked value by applying the XOR operations to the selected value and to the second input mask, computing, by the circuit, a masked index by applying the XOR operations to the first mask and to an original index, and storing, by the circuit in a memory, the masked value in the new masked substitution table, the selected value being selected at the original index and the masked value being stored at the masked index, or the selected value being selected at the masked index and the masked value being stored at the original index.

Plain English Translation

This claim protects a table lookup (an S-box) inside an encryption or decryption operation against side-channel analysis by keeping both the table index and the table contents masked. A masked table T satisfies T[x XOR m1] = S[x] XOR m2, where S is the original table and m1 and m2 are the first and second mask parameters. To refresh the masks, the circuit draws a first and a second input mask, updates the parameters as m1 = m1_prev XOR (first input mask) and m2 = m2_prev XOR (second input mask), and then walks the previous masked table entry by entry: each entry is XORed with the second input mask, its index is XORed with the first input mask, and the result is written at the masked index (or, symmetrically, read at the masked index and written at the original index). Because the new table is derived from the previous masked table rather than from the original S-box, the unmasked table is not re-read after the initial masking, and the relationship between a key-dependent index and what the circuit actually reads changes with every refresh. The claim is written for any table-based substitution; the dependent claims specialise it to AES and DES.
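The refresh described in claim 1, written out as an added example in Python (this is not code from the patent or its assignee). It builds the AES S-box as a realistic 256-entry table, keeps the masking invariant T[x ^ m1] == S[x] ^ m2 across several refreshes, processes entries in a random order as claim 5 asks, draws the input masks at random as claim 4 asks, and checks the invariant with an oracle that is not part of the protected computation. The function and variable names are the example's own; the claim's "first mask" on the index is taken to be the first input mask, which is the only reading under which the invariant holds.

```python
import random

_rng = random.SystemRandom()   # OS entropy here; a device would use its TRNG


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def aes_sbox():
    """Build the AES S-box: multiplicative inverse followed by the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        for b in range(1, 256):
            if gf_mul(a, b) == 1:
                inv[a] = b
                break
    box = []
    for a in range(256):
        x = y = inv[a]
        for _ in range(4):
            x = ((x << 1) | (x >> 7)) & 0xFF   # rotate left by one bit
            y ^= x
        box.append(y ^ 0x63)
    return box


def refresh_masked_table(prev_table, prev_m1, prev_m2, r1, r2):
    """Claim 1: derive the next masked table from the *previous masked* table.

    Precondition : prev_table[x ^ prev_m1] == S[x] ^ prev_m2 for every x.
    Postcondition: new_table[x ^ m1]      == S[x] ^ m2, with
                   m1 = prev_m1 ^ r1 and m2 = prev_m2 ^ r2.
    r1, r2 are the first and second input masks; the unmasked S-box is
    never read again after the first refresh.
    """
    m1 = prev_m1 ^ r1
    m2 = prev_m2 ^ r2
    new_table = [None] * len(prev_table)
    order = list(range(len(prev_table)))
    _rng.shuffle(order)                      # claim 5: random processing order
    for i in order:
        # i is x ^ prev_m1 for some x; re-mask the value with r2 and store it
        # at i ^ r1, which is x ^ m1 for the same x (claim 1, first variant).
        new_table[i ^ r1] = prev_table[i] ^ r2
    return new_table, m1, m2


def masked_lookup(table, masked_x):
    """The substitution step as executed on the device: one table read,
    masked index in, masked value out."""
    return table[masked_x]


def table_is_consistent(table, sbox, m1, m2):
    """Verification oracle (not part of the protected computation)."""
    return all(table[x ^ m1] == sbox[x] ^ m2 for x in range(256))


def demo(rounds=5):
    """Start from the plain S-box (masks 0, 0), refresh it `rounds` times with
    random input masks (claim 4), and check the invariant after each refresh."""
    sbox = aes_sbox()
    table, m1, m2 = list(sbox), 0, 0
    for _ in range(rounds):
        r1, r2 = _rng.randrange(256), _rng.randrange(256)
        table, m1, m2 = refresh_masked_table(table, m1, m2, r1, r2)
        if not table_is_consistent(table, sbox, m1, m2):
            return False
        x = _rng.randrange(256)
        # a masked lookup, once m2 is removed, is the plain S-box value
        if masked_lookup(table, x ^ m1) ^ m2 != sbox[x]:
            return False
    return True


if __name__ == "__main__":
    print("masking invariant held across refreshes:", demo())
```

The oracle `table_is_consistent` reads the unmasked S-box and both mask parameters together, which a real implementation must never do outside a test harness; on the device only `refresh_masked_table` and `masked_lookup` run, and m1 and m2 are kept apart from the table.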

Claim 2

Original Legal Text

2. The method of claim 1 , wherein the generating the new masked substitution table comprises: selecting, by the circuit, a third input mask for each of ranks from 1 to n, n being an integer number greater than one; for each rank j from 1 to n−1, computing, by the circuit, a new value of a third mask parameter of rank j by applying the XOR operations to a previous value of the third mask parameter of rank j and to the input mask of ranks j and j+1; and computing, by the circuit, a new value of the third mask parameter of rank n by applying the XOR operations to a previous value of the third mask parameter of rank n and to the third input mask of rank n, the new value of the first mask parameter being computed by applying the XOR operations to the previous value of the first mask parameter, to the third input mask of rank 1 and to the first input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter, to the third input mask of rank 1 and to the second input mask, the substitution operation including applying the XOR operations to the masked input data and to each of the third mask parameters of ranks 1 to n, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with each of the third mask parameters of ranks 1 to n.

Plain English Translation

This dependent claim adds a chain of n "third" mask parameters, one per rank 1 to n, that sit between the mask carried by the data and the mask the table is built with. On each refresh the circuit draws a third input mask per rank; the parameter of rank j (j < n) is XORed with the input masks of ranks j and j+1, and the parameter of rank n with the input mask of rank n alone. The first and second mask parameters absorb the rank-1 input mask in addition to their own input masks. Before the table lookup the masked input is XORed with each of the n third mask parameters in turn, and the masked output is the table output, masked by the second mask parameter together with the n third mask parameters. Because the rank-j updates telescope (every input mask except the one of rank 1 is applied twice and cancels), the XOR of all n third parameters equals the accumulated rank-1 input mask, which is exactly the difference between the data mask and the table mask; the correction is therefore applied as n separate shares rather than as one value that would itself be a sensitive intermediate.
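The rank-mask bookkeeping of claim 2 (and of its circuit counterpart, claim 12), as an added Python example that is not code from the patent. It keeps the table masks, the data masks and the n third mask parameters separately, applies the update rule literally, and checks that a masked lookup still unmasks to the original S-box value. The S-box is a constructed random permutation, and the masked table is produced by a direct oracle expression rather than by the in-place refresh of claim 1, since only the mask arithmetic is of interest here; class and method names are the example's own.

```python
import random

_rng = random.SystemRandom()


class RankMaskedSbox:
    """Claim 2 mask bookkeeping around a masked substitution table.

    t1, t2 : masks the table itself is built with (moved only by a1, a2)
    m1, m2 : first and second mask parameters carried by the data
    mp     : the n third mask parameters, mp[0] being rank 1
    """

    def __init__(self, sbox, n):
        self.sbox = sbox
        self.n = n
        self.t1 = self.t2 = 0
        self.m1 = self.m2 = 0
        self.mp = [0] * n

    def refresh(self, a1, a2, r):
        """a1, a2: first and second input masks; r: third input masks, ranks 1..n."""
        n = self.n
        for j in range(n - 1):                # ranks 1..n-1: masks of rank j and j+1
            self.mp[j] ^= r[j] ^ r[j + 1]
        self.mp[n - 1] ^= r[n - 1]            # rank n: mask of rank n only
        self.m1 ^= r[0] ^ a1                  # first mask parameter
        self.m2 ^= r[0] ^ a2                  # second mask parameter
        self.t1 ^= a1                         # the table is rebuilt with a1, a2
        self.t2 ^= a2

    def table(self):
        """Oracle form of the masked table; claim 1's refresh yields the same array."""
        return [self.sbox[i ^ self.t1] ^ self.t2 for i in range(256)]

    def substitute(self, masked_x):
        """masked_x = x ^ m1. Peel the rank parameters off one at a time, so the
        XOR of all of them (the accumulated rank-1 mask) is never formed as a
        single value, then read the table. The result is S[x] masked by
        m2 ^ mp_1 ^ ... ^ mp_n, as the claim's last clause states."""
        idx = masked_x
        for v in self.mp:
            idx ^= v
        return self.table()[idx]

    def output_mask(self):
        """Verification oracle only: the combined mask on substitute()'s output."""
        m = self.m2
        for v in self.mp:
            m ^= v
        return m


def demo(n=3, rounds=4):
    sbox = list(range(256))
    random.Random(7).shuffle(sbox)            # constructed S-box for the demo
    box = RankMaskedSbox(sbox, n)
    for _ in range(rounds):
        a1, a2 = _rng.randrange(256), _rng.randrange(256)
        r = [_rng.randrange(256) for _ in range(n)]
        box.refresh(a1, a2, r)
        x = _rng.randrange(256)
        if box.substitute(x ^ box.m1) ^ box.output_mask() != sbox[x]:
            return False
    return True


if __name__ == "__main__":
    print("rank-masked substitution consistent:", demo())
```

The telescoping is visible in `refresh`: after any number of refreshes, `mp[0] ^ ... ^ mp[n-1]` equals the XOR of all rank-1 input masks ever drawn, which is the same quantity that `m1` and `m2` carry on top of the table masks `t1` and `t2`.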

Claim 3

Original Legal Text

3. The method of claim 1 , wherein the generating the new masked substitution table comprises: selecting, by the circuit, a third input mask and a fourth input mask, of ranks 1 to n, n being an integer number greater than one; for each rank j from 1 to n−1, computing, by the circuit, a new value of a third mask parameter of rank j by applying the XOR operations to a previous value of the third mask parameter of rank j and to the third input masks of ranks j and j+1, and computing a new value of a fourth mask parameter of rank j by applying the XOR operations to a previous value of the fourth mask parameter of rank j and to the fourth input masks of ranks j and j+1; computing, by the circuit, a new value of the third mask parameter of rank n by applying the XOR operations to a previous value of the third mask parameter of rank n and to the third input mask of rank n; computing, by the circuit, a new value of a fourth mask parameter of rank n by applying the XOR operations to a previous value of the fourth mask parameter of rank n and to the fourth input mask of rank n; and computing, by the circuit, the new value of the first mask parameter by applying the XOR operations to the previous value of the first mask parameter, to the first input mask of rank 1 and to the first input mask, the new value of the second mask parameter being obtained by applying the XOR operations to the previous value of the second mask parameter, to the second input mask of rank 1 and to the second input mask, the substitution operation including applying the XOR operations to the masked input data and to each of the first mask parameter of ranks 1 to n, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with each of the second mask parameters of ranks 1 to n.

Plain English Translation

This variant of claim 2 runs two independent chains of rank masks. A third mask parameter per rank is updated from the third input masks of ranks j and j+1 (rank n from its own input mask only), and a fourth mask parameter per rank is updated in the same way from the fourth input masks. The first mask parameter absorbs the rank-1 mask of the first chain together with the first input mask; the second mask parameter absorbs the rank-1 mask of the second chain together with the second input mask. The input of the substitution is corrected by the n parameters of the first chain and the output by the n parameters of the second chain, so the index correction and the content correction are refreshed independently instead of sharing one chain as in claim 2. As in claim 2, the aim is that no fixed mask value exists for an attacker to target with differential power analysis, because every parameter changes at every refresh.

Claim 4

Original Legal Text

4. The method of claim 1 , further comprising randomly selecting, by the circuit, the first and second input masks.

Plain English Translation

This dependent claim requires that the first and second input masks of claim 1 be chosen at random by the circuit. Since every refresh XORs a fresh random value into the first and second mask parameters, neither the index mask nor the content mask of the substitution table is predictable from one refresh to the next, which removes the fixed relationship between a secret intermediate and the observed leakage that a side-channel attack relies on. The claim does not name the random source; in practice this is a hardware random number generator, because a deterministic or low-entropy source would make the masks predictable and defeat the purpose of the refresh.

Claim 5

Original Legal Text

5. The method of claim 1 , wherein the data in the new masked substitution table are computed by the circuit in a random order.

Plain English Translation

This dependent claim requires that the entries of the new masked substitution table be computed in a random order rather than by sweeping the index from 0 upwards. Since every entry is written exactly once, the order does not change the resulting table, but it decorrelates the moment at which a given (index, value) pair is processed from its position in a power or timing trace, so an attacker observing the table refresh cannot align the operation on a particular entry across executions. It complements the masking itself rather than replacing it.

Claim 6

Original Legal Text

6. The method of claim 1 , wherein the substitution operation is included in an operation for encrypting or decrypting an input data according to a cryptographic algorithm.

Plain English Translation

This dependent claim fixes the context: the substitution operation is a step of a cryptographic algorithm that encrypts or decrypts the input data. In table-driven block ciphers the substitution (S-box) is the non-linear step of each round, and it is the step a masking scheme has to handle with a masked table, because the linear steps (XOR with a round key, bit permutations, the AES column mixing) pass an XOR mask through unchanged while an S-box does not. The following claims apply the method to AES and to DES.

Claim 7

Original Legal Text

7. The method of claim 6 , wherein the cryptographic algorithm conforms with an Advanced Encryption Standard (AES), the method further comprising: computing, by the circuit, a masked input data by applying the XOR operations to the input data and to the new value of the first mask parameter; computing, by the circuit, a first masked round input data by applying the XOR operations to the masked input data and to a first round key; performing rounds, each round including: performing, by the circuit, the substitution operation applied to a previously computed masked round input data and using the new masked substitution table, computing, by the circuit, a masked round input data by applying the XOR operations to an output data of an AES column-based permutation operation, to a corresponding round key, and to the new value of the first mask parameter and to the new value of the second mask parameter; and performing a last round including: computing, by the circuit, a substitution output data by performing the substitution operation using the new masked substitution table, receiving as input a previously computed masked round input data, and computing, by the circuit, a masked output data by applying the XOR operations to the substitution output data and to a corresponding round key, an output data resulting from processing the input data by the cryptographic algorithm being obtained by applying the XOR operations to the masked output data and to the new value of the second mask parameter.

Plain English Translation

This dependent claim applies the method to AES. The input data is masked by XOR with the new value of the first mask parameter, then XORed with the first round key. In each inner round the masked state goes through the substitution operation using the new masked table, so its bytes come out masked by the second mask parameter, and through the AES column-based permutation (MixColumns); the next masked round input is the output of that permutation XORed with the round key, with the new value of the first mask parameter and with the new value of the second mask parameter. XORing with both parameters removes the second mask and installs the first, so the next round's substitution again receives data masked as its table expects. The last round has no column mixing: the substitution output is XORed with the last round key, which leaves it masked by the second mask parameter alone, and the ciphertext is obtained by XORing that masked output with the new value of the second mask parameter. The mask parameters are refreshed as in claim 1, so intermediate values are masked with values that change from execution to execution.
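The step that makes claim 7 work but that the claim does not spell out is that AES's linear layer carries a uniform byte mask through unchanged: ShiftRows only moves bytes, and each MixColumns row is {2, 3, 1, 1}, whose XOR is 1 in GF(2^8), so MixColumns(state XOR m2) = MixColumns(state) XOR m2 when every byte carries the same m2. The added Python example below (not code from the patent) implements MixColumns on one column, checks that property against the FIPS-197 test column, and carries out the claim's inner-round and last-round XOR steps on one column; function names are the example's own.

```python
def xtime(a):
    """Multiply a byte by x (i.e. by 2) in GF(2^8) with the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def mix_column(col):
    """AES MixColumns on one 4-byte column (matrix rows 2 3 1 1, rotated)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mask_survives_mix_column(col, m2):
    """MixColumns(col ^ m2) == MixColumns(col) ^ m2 for one byte mask m2 on all
    four bytes, because 2 ^ 3 ^ 1 ^ 1 == 1 in GF(2^8). This only holds when the
    same mask is on every byte, which is what a single 'second mask parameter'
    gives you."""
    return mix_column([b ^ m2 for b in col]) == [b ^ m2 for b in mix_column(col)]


def next_round_input(masked_col, key_col, m1, m2):
    """Claim 7 inner-round step on one column. masked_col is the column after
    masked SubBytes and ShiftRows, i.e. each byte is plain ^ m2. The XOR with
    m1 ^ m2 strips m2 and installs m1, so the next round's table lookup sees
    data masked exactly as the masked table expects."""
    mixed = mix_column(masked_col)                    # still mixed_plain ^ m2
    return [b ^ k ^ m1 ^ m2 for b, k in zip(mixed, key_col)]


def last_round_output(masked_sub_out, key_col, m2):
    """Claim 7 last round: no MixColumns, so only the round key is added; the
    result is masked by m2 alone and the ciphertext is recovered by one XOR."""
    masked_out = [b ^ k for b, k in zip(masked_sub_out, key_col)]   # masked by m2
    return [b ^ m2 for b in masked_out]                             # ciphertext


def round_step_is_consistent(plain_col, key_col, m1, m2):
    """Oracle: the masked path equals the unmasked path, masked by m1."""
    want = [b ^ k ^ m1 for b, k in zip(mix_column(plain_col), key_col)]
    got = next_round_input([b ^ m2 for b in plain_col], key_col, m1, m2)
    return got == want


if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]          # FIPS-197 MixColumns example column
    print(mix_column(col))                   # [0x8E, 0x4D, 0xA1, 0xBC]
    print(mask_survives_mix_column(col, 0x5A))
    print(round_step_is_consistent(col, [1, 2, 3, 4], 0x3C, 0xC3))
```

The dependence on a uniform byte mask is the practical caveat: if a design ever used different masks for different bytes of the state, the XOR with m1 ^ m2 after MixColumns would no longer produce a correctly masked round input, and the re-masking would have to be computed through the linear layer instead.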

Claim 8

Original Legal Text

8. The method of claim 7 , wherein each of the rounds use a respective masked round key, the method further comprising: selecting, by the circuit, a third input mask, and computing, by the circuit, a new value of a third mask parameter by applying the XOR operations to a previous value of the third mask parameter and to the third input mask, the new value of the first mask parameter being computed by applying the XOR operations to the previous value of the first mask parameter, to the third input mask and the first input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter, to the third input mask and the second input mask, new masked round keys being each obtained by applying the XOR operations to the new value of the third mask parameter and to a previous round key, the new masked substitution table being generated by using the new value of the first mask parameter and the new value of the second mask parameter, the substitution operation being performed by the circuit by applying the XOR operations to the masked input data and to the new value of the third mask parameter, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with the new value of the third mask parameter.

Plain English Translation

This invention relates to cryptographic methods, specifically to a masked cryptographic process that enhances security by preventing side-channel attacks. The method involves multiple rounds of encryption, each using a masked round key to obscure the actual key values from potential attackers. The circuit performing the encryption selects a third input mask and computes new values for three mask parameters through XOR operations. The first mask parameter is updated by combining its previous value with the third input mask and a first input mask. The second mask parameter is updated by combining its previous value with the third input mask and a second input mask. The third mask parameter is updated by combining its previous value with the third input mask. New masked round keys are generated by XORing the new third mask parameter with previous round keys. A masked substitution table is generated using the updated first and second mask parameters. During substitution, the masked input data is XORed with the new third mask parameter, and the resulting output is further XORed with the second mask parameter and the new third mask parameter. This approach ensures that intermediate values remain masked, making it difficult for attackers to extract sensitive information through side-channel analysis. The method is particularly useful in secure cryptographic implementations where resistance to timing and power analysis attacks is critical.

Claim 9

Original Legal Text

9. The method of claim 6 , wherein the cryptographic algorithm conforms with a Data Encryption Standard (DES), the method further comprising: performing rounds, each round including: computing, by the circuit, a masked round data by applying the XOR operations to an output data of a DES expansion operation and to the new value of the first mask parameter; performing, by the circuit, a substitution operation from the masked round data using new masked substitution tables, the substitution operation providing a masked substitution output data masked by the new value of the second mask parameter, and computing, by the circuit, an unmasked substitution output data by applying the XOR operations to the masked substitution output data and to the new value of the second parameter.

Plain English Translation

This dependent claim applies the method to DES. In each round the circuit XORs the output of the DES expansion operation with the new value of the first mask parameter to obtain the masked round data, performs the substitution with the new masked tables (DES uses eight S-boxes, hence tables in the plural), which yields output masked by the new value of the second mask parameter, and then removes that mask by a further XOR with the second mask parameter. As in the AES case, the mask parameters are refreshed between executions so that the value protecting the S-box input and output is not fixed.

Claim 10

Original Legal Text

10. The method of claim 9 , wherein the generating the new masked substitution table comprises: selecting, by the circuit, a third input mask and a fourth input mask; computing, by the circuit, a new value of a third mask parameter by applying the XOR operations to a previous value of the third mask parameter and to the third input mask, the new value of the first mask parameter being computed by applying the XOR operations to previous value of the first mask parameter and to the third input mask and the first input mask; computing, by the circuit, new values of a fourth mask parameter by applying the XOR operations to a previous value of the fourth mask parameter and to the fourth input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter and to the fourth input mask and the second input mask; computing, by the circuit, a transformed first input mask by applying the DES expansion operation to the first input mask; and computing, by the circuit, a transformed second input mask by applying a reverse DES permutation operation to the second input mask, the new masked substitution table being generated using as the first and second input masks the transformed first input mask and the transformed second input mask, the method further including computing, by the circuit, masked round keys by applying the XOR operations to DES round keys and to transformed third and fourth input masks obtained by applying the DES expansion operation to third and fourth input masks, and using the new value of the third mask parameter and the new value of the fourth mask parameter.

Plain English Translation

This dependent claim explains how the masks are carried through the linear steps of DES. Third and fourth input masks refresh third and fourth mask parameters, and they also enter the first and second mask parameters, as in claim 8. The table masks are not the first and second input masks themselves but transformed versions of them: the first input mask is passed through the DES expansion operation, because the expansion is linear and so masking the 32-bit half with a mask is the same as masking the 48-bit S-box input with the expanded mask; the second input mask is passed through the reverse of the DES permutation, because the S-box output goes through that permutation and the mask that emerges after it should be the second input mask itself. The masked round keys are obtained by XORing the DES round keys with the expansion of the third and fourth input masks and with the new third and fourth mask parameters, so that the key addition on the expanded, masked half keeps the mask consistent with what the masked tables expect.

Claim 11

Original Legal Text

11. A circuit, comprising: a memory and a processor configured to: execute a substitution operation in which an output data is selected in an original substitution table, the substitution operation being included in a cryptographic operation for encrypting or decrypting an input data, the input data of the substitution operation being based on the input data of the cryptographic operation, the substitution operation being performed using a new masked substitution table obtained from the original substitution table, the input data being combined by Exclusive OR (XOR) operations with a new value of a first mask parameter, and the output data being combined by the XOR operations with a new value of a second mask parameter, generate the new masked substitution table from a previous masked substitution table by: selecting a first input mask and a second input mask; computing the new value of the first mask parameter by applying the XOR operations to a previous value of the first mask parameter and to the first input mask; computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to the second input mask; selecting each value in the previous masked substitution table obtained from the original substitution table; and for each selected value: computing a masked value by applying the XOR operations to the selected value and to the second input mask, computing a masked index by applying the XOR operations to the first mask and to an original index, and storing in the memory the masked value in the new masked substitution table, the selected value being selected at the original index and the masked value being stored at the masked index, or the selected value being selected at the masked index and the masked value being stored at the original index.

Plain English Translation

This is the apparatus counterpart of claim 1: a circuit with a memory and a processor that performs the substitution through a masked table and regenerates that table in memory. The input of the substitution is masked by XOR with the first mask parameter and the output by XOR with the second. To refresh, the processor draws first and second input masks, XORs them into the previous first and second mask parameters, and rewrites the previous masked table entry by entry: each entry is XORed with the second input mask and moved to the index XORed with the first input mask (reading at the original index and writing at the masked one, or reading at the masked index and writing at the original one). As in claim 1, the refresh works from the previous masked table, so the original table is not re-read once it has been masked, and the table in memory changes with every refresh.

Claim 12

Original Legal Text

12. The circuit of claim 11 , wherein the circuit is configured to generate the new masked substitution table by: selecting a third input mask for each of ranks from 1 to n, n being an integer number greater than one; for each rank j from 1 to n−1, computing a new value of a third mask parameter of rank j by applying the XOR operations to a previous value of the third mask parameter of rank j and to the input mask of ranks j and j+1; and computing a new value of the third mask parameter of rank n by applying the XOR operations to a previous value of the third mask parameter of rank n and to the third input mask of rank n, the new value of the first mask parameter being computed by applying the XOR operations to the previous value of the first mask parameter, to the input mask of rank 1 and to the first input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter, to the input mask of rank 1 and to the second input mask, the processor being configured to perform the substitution operation by applying the XOR operations to the masked input data and to each of the mask parameters of ranks 1 to n, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with each of the mask parameters of ranks 1 to n.

Plain English Translation

This invention relates to cryptographic circuits designed to enhance data security through masked substitution operations. The problem addressed is the need for secure and efficient masking techniques to protect sensitive data during substitution operations, such as those used in cryptographic algorithms. The circuit generates a new masked substitution table by selecting an input mask for each rank from 1 to n, where n is an integer greater than one. For each rank j from 1 to n-1, the circuit computes a new value of a third mask parameter by applying XOR operations to the previous value of the third mask parameter and the input masks of ranks j and j+1. The new value of the third mask parameter for rank n is computed by applying XOR operations to its previous value and the input mask of rank n. The first and second mask parameters are updated similarly, incorporating the input masks of rank 1 and their respective input masks. The substitution operation is performed by applying XOR operations to the masked input data and each of the mask parameters of ranks 1 to n. The masked output data is derived by combining the substitution operation's output with the second mask parameter and each of the mask parameters of ranks 1 to n using XOR operations. This approach ensures that the substitution process remains secure against side-channel attacks while maintaining computational efficiency.

Claim 13

Original Legal Text

13. The circuit of claim 11, wherein the circuit is configured to generate the new masked substitution table by: selecting a third input mask and a fourth input mask, of ranks 1 to n, n being an integer number greater than one; for each rank j from 1 to n−1, computing a new value of a third mask parameter of rank j by applying the XOR operations to a previous value of the third mask parameter of rank j and to the third input masks of ranks j and j+1, and computing a new value of a fourth mask parameter of rank j by applying the XOR operations to a previous value of the fourth mask parameter of rank j and to the fourth input masks of ranks j and j+1; computing a new value of the third mask parameter of rank n by applying the XOR operations to a previous value of the third mask parameter of rank n and to the third input mask of rank n; computing a new value of the fourth mask parameter of rank n by applying the XOR operations to a previous value of the fourth mask parameter of rank n and to the fourth input mask of rank n; and the new value of the first mask parameter being obtained by applying the XOR operations to the previous value of the first mask parameter, to the first input mask of rank 1 and to the first input mask, the new value of the second mask parameter being obtained by applying the XOR operations to the previous value of the second mask parameter, to the second input mask of rank 1 and to the second input mask, the substitution operation including applying the XOR operations to the masked input data and to each of the first mask parameters of ranks 1 to n, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with each of the second mask parameters of ranks 1 to n.

Plain English Translation

This invention relates to cryptographic circuits designed to enhance security by dynamically generating masked substitution tables. The problem addressed is the vulnerability of cryptographic operations to side-channel attacks, which can exploit predictable patterns in intermediate data. The solution involves a circuit that updates mask parameters using XOR operations to ensure that intermediate values remain obfuscated. The circuit selects two sets of input masks, each with ranks from 1 to n, where n is an integer greater than one. For each rank j from 1 to n−1, the circuit computes new values for two mask parameters by applying XOR operations between previous mask values and adjacent input masks of ranks j and j+1. For the highest rank n, the circuit computes new mask values by XORing the previous mask parameter with the corresponding input mask of rank n. Additionally, the first and second mask parameters are updated by XORing their previous values with the first input masks of rank 1 and the corresponding input masks. The substitution operation involves XORing the masked input data with the first mask parameters of all ranks. The resulting output is further masked by combining it with the second mask parameter and all second mask parameters of ranks 1 to n. This multi-layered masking approach ensures that intermediate data remains secure against side-channel analysis. The dynamic updates to the mask parameters prevent predictable patterns, enhancing resistance to cryptographic attacks.

Claim 14

Original Legal Text

14. The circuit of claim 11, wherein the circuit is configured to randomly select the first and second input masks.

Plain English Translation

A circuit is provided for processing data using multiple input masks to enhance security or performance. The circuit includes a first input mask generator that produces a first input mask and a second input mask generator that produces a second input mask. The circuit is configured to apply these masks to input data, where the first input mask is applied to a first portion of the input data and the second input mask is applied to a second portion of the input data. The circuit further includes a processing unit that processes the masked data to produce an output. The circuit is designed to randomly select the first and second input masks, ensuring variability in the masking process to improve security or reduce predictability. The random selection may be based on a pseudorandom number generator or another randomization technique. The circuit may also include a control unit that manages the generation and application of the masks, ensuring proper synchronization between the masking and processing steps. The use of multiple masks and their random selection enhances the circuit's resistance to certain types of attacks or improves performance by distributing processing load.

Claim 15

Original Legal Text

15. The circuit of claim 11, wherein the circuit is configured to compute in a random order the data in the new masked substitution table.

Plain English Translation

A circuit is provided for secure data processing, specifically for generating and utilizing masked substitution tables to enhance cryptographic operations. The circuit is designed to address vulnerabilities in cryptographic systems where substitution tables, such as S-boxes, are susceptible to side-channel attacks. These attacks exploit predictable patterns in data processing, allowing adversaries to infer sensitive information. The circuit includes a substitution table generator that creates a new masked substitution table by combining an original substitution table with a random mask. This masking process obscures the original data, making it harder for attackers to extract meaningful information through side-channel analysis. The circuit also includes a data processor that computes the data in the new masked substitution table. A key feature is that the circuit is configured to compute the data in a random order, further increasing resistance to side-channel attacks by eliminating predictable processing sequences. By processing the masked substitution table in a random order, the circuit disrupts any temporal patterns that could be exploited by attackers. This randomness ensures that even if an adversary observes the circuit's operations, they cannot correlate the observed behavior with specific data values. The circuit's design enhances the security of cryptographic operations by mitigating side-channel vulnerabilities while maintaining the integrity and functionality of the substitution table. This approach is particularly useful in applications requiring high security, such as financial transactions, secure communications, and embedded systems.

Claim 16

Original Legal Text

16. The circuit of claim 11, wherein the substitution operation is included in an operation for encrypting or decrypting an input data according to a cryptographic algorithm, the circuit being configured to perform the encrypting or decrypting operation.

Plain English Translation

This invention relates to cryptographic circuits designed to perform encryption or decryption operations on input data using a cryptographic algorithm. The circuit includes a substitution operation as part of the cryptographic process, where the substitution operation replaces input data values with predefined output values based on a substitution table or function. The circuit is specifically configured to execute the full encryption or decryption operation, ensuring that the substitution step is integrated into the broader cryptographic workflow. The substitution operation may involve mapping input data elements to corresponding output values in a deterministic manner, enhancing security by obscuring the relationship between plaintext and ciphertext. The circuit may be implemented in hardware, such as an application-specific integrated circuit (ASIC) or field-programmable gate array (FPGA), to accelerate cryptographic computations. The invention addresses the need for efficient and secure data transformation in cryptographic systems, particularly in applications requiring high-speed processing, such as secure communications, data storage, and financial transactions. The substitution operation is a critical component of the cryptographic algorithm, ensuring that the overall process meets security standards while maintaining computational efficiency.

Claim 17

Original Legal Text

17. The circuit of claim 16, wherein the cryptographic algorithm conforms with an Advanced Encryption Standard (AES), the circuit further configured to: compute a masked input data by applying the XOR operations to the input data and to the new value of the first mask parameter; compute a first masked round input data by applying the XOR operations to the masked input data and to a first round key; perform rounds, each round including: perform the substitution operation applied to a previously computed masked round input data and using the new masked substitution table, compute a masked round input data by applying the XOR operations to an output data of an AES column-based permutation operation, to a corresponding round key, and to the new value of the first mask parameter and to the new value of the second mask parameter; and performing a last round including: compute a substitution output data by performing the substitution operation using the new masked substitution table, receiving as input a previously computed masked round input data, and compute a masked output data by applying the XOR operations to the substitution output data and to a corresponding round key, an output data resulting from processing the input data by the cryptographic algorithm being obtained by applying the XOR operations to the masked output data and to the new value of the second mask parameter.

Plain English Translation

This invention relates to cryptographic circuits implementing the Advanced Encryption Standard (AES) with enhanced security through masking techniques. The circuit processes input data using AES while incorporating dynamic masking to protect against side-channel attacks. The process begins by computing a masked input data by XORing the input data with a first mask parameter. This masked input data is then XORed with a first round key to produce a masked round input data. The circuit performs multiple rounds of AES operations, each involving a substitution operation using a masked substitution table, followed by an AES column-based permutation operation. The output of the permutation is XORed with a round key and the first and second mask parameters to produce a new masked round input data. In the final round, the substitution operation is applied again using the masked substitution table, and the resulting substitution output data is XORed with a corresponding round key. The final output is obtained by XORing this masked output data with the second mask parameter. The dynamic masking ensures that intermediate values remain obfuscated, enhancing resistance to side-channel analysis while maintaining AES compliance.

Claim 18

Original Legal Text

18. The circuit of claim 17, wherein each of the rounds uses a respective masked round key, the circuit further configured to: select a third input mask, and compute a new value of a third mask parameter by applying the XOR operations to a previous value of the third mask parameter and to the third input mask, the new value of the first mask parameter being computed by applying the XOR operations to the previous value of the first mask parameter, to the third input mask and the first input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter, to the third input mask and the second input mask, new masked round keys being each obtained by applying the XOR operations to the new value of the third mask parameter and to a previous round key, the new masked substitution table being generated by using the new value of the first mask parameter and the new value of the second mask parameter, the substitution operation includes applying the XOR operations to the masked input data and to the new value of the third mask parameter, the masked output data corresponding to the output data of the substitution operation, combined by the XOR operations with the second mask parameter and with the new value of the third mask parameter.

Plain English Translation

This invention relates to cryptographic circuits, specifically those implementing masked operations to enhance security against side-channel attacks. The circuit performs multiple rounds of encryption or decryption, where each round uses a masked round key to obscure intermediate data values. The circuit is configured to select a third input mask and compute updated values for three mask parameters. The first mask parameter is updated by combining its previous value with the third input mask and a first input mask. The second mask parameter is updated by combining its previous value with the third input mask and a second input mask. The third mask parameter is updated by combining its previous value with the third input mask. New masked round keys are generated by combining the updated third mask parameter with previous round keys. A masked substitution table is generated using the updated first and second mask parameters. During substitution operations, the circuit applies XOR operations to masked input data and the updated third mask parameter, then combines the result with the second mask parameter and the updated third mask parameter to produce masked output data. This approach ensures that intermediate values remain masked throughout the cryptographic process, mitigating risks of side-channel leakage.

Claim 19

Original Legal Text

19. The circuit of claim 16, wherein the cryptographic algorithm conforms with a Data Encryption Standard (DES), the circuit configured to: perform rounds, each round including: compute a masked round data by applying the XOR operations to an output data of a DES expansion operation and to the new value of the first mask parameter; perform a substitution operation from the masked round data using new masked substitution tables, the substitution operation providing a masked substitution output data masked by the new value of the second mask parameter, and compute an unmasked substitution output data by applying the XOR operations to the masked substitution output data and to the new value of the second parameter.

Plain English Translation

This invention relates to cryptographic circuits implementing the Data Encryption Standard (DES) with enhanced security through dynamic masking. The problem addressed is the vulnerability of cryptographic operations to side-channel attacks, such as power analysis, which can exploit predictable patterns in intermediate data. The solution involves integrating masking techniques into the DES algorithm to obscure intermediate values and prevent such attacks. The circuit performs DES encryption or decryption while applying dynamic masking at each round of the algorithm. In each round, the circuit first computes a masked round data by XORing the output of a DES expansion operation with a new value of a first mask parameter. This masked data is then processed through substitution tables that are themselves masked, producing a masked substitution output. The masked substitution output is further processed by XORing it with a new value of a second mask parameter to obtain an unmasked substitution output. The mask parameters are updated dynamically between rounds to ensure that intermediate values remain unpredictable, thereby enhancing resistance to side-channel attacks. The substitution tables used in each round are also dynamically masked to prevent leakage of substitution patterns. This approach ensures that the cryptographic operations remain secure even when subjected to physical or timing-based attacks.

Claim 20

Original Legal Text

20. The circuit of claim 19, wherein the circuit is configured to generate the new masked substitution table from the previous masked substitution table by: selecting a third input mask and a fourth input mask; computing a new value of a third mask parameter by applying the XOR operations to a previous value of the third mask parameter and to the third input mask, the new value of the first mask parameter being computed by applying the XOR operations to the previous value of the first mask parameter and to the third input mask and the first input mask; computing new values of a fourth mask parameter by applying the XOR operations to a previous value of the fourth mask parameter and to the fourth input mask, the new value of the second mask parameter being computed by applying the XOR operations to the previous value of the second mask parameter and to the fourth input mask and the second input mask; computing a transformed first input mask by applying the DES expansion operation to the first input mask; and computing a transformed second input mask by applying a reverse DES permutation operation to the second input mask, the new masked substitution table being generated using as the first and second input masks the transformed first input mask and the transformed second input mask, the circuit further configured to use masked round keys obtained by applying the XOR operations to DES round keys and to transformed third and fourth input masks obtained by applying the DES expansion operation to third and fourth input masks, and using the new value of the third mask parameter and the new value of the fourth mask parameter.

Plain English Translation

This invention relates to cryptographic circuits, specifically those implementing masked substitution tables for secure data processing. The problem addressed is the need to dynamically update masked substitution tables in a way that maintains security while efficiently computing new values. The circuit generates a new masked substitution table from a previous one by selecting two additional input masks and performing a series of XOR operations. A third and fourth mask parameter are updated by XORing their previous values with new input masks, incorporating additional transformations from prior operations. The first and second input masks undergo DES (Data Encryption Standard) expansion and reverse permutation operations before being used in the table generation. The circuit also applies masked round keys, derived by XORing DES round keys with transformed third and fourth input masks, ensuring secure key handling. This approach enhances cryptographic security by dynamically altering the substitution table while maintaining computational efficiency. The method leverages DES operations to transform input masks, ensuring proper alignment with the cryptographic process. The overall system provides a robust mechanism for secure data encryption and decryption in hardware implementations.
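The reason claim 20 feeds the tables with the DES expansion of the first input mask and the reverse DES permutation of the second input mask is that both layers are linear over XOR: E(r ^ u) = E(r) ^ E(u) and P(s ^ w) = P(s) ^ P(w). The following added example (not the patent's own code, and deliberately not the DES tables) builds a toy round function of the same shape, with a constructed 8-to-12-bit expansion, two constructed 6-to-4-bit S-boxes and a constructed 8-bit permutation, and shows that a half-block masked by u before the expansion needs tables carrying E(u) on the input side and P^-1(v) on the output side for the round output to come out masked by exactly v. The masked round keys and the third and fourth mask parameters of claim 20 are left out; all table contents and names below are assumptions for the illustration.

```python
import secrets

# Constructed toy round function in the DES shape (these are NOT the DES tables):
#   E : 8 -> 12 bits, bit selection with duplicated bits, like the DES expansion
#   S1, S2 : 6 bits in / 4 bits out
#   P : 8-bit bit permutation
E_TABLE = [7, 0, 1, 2, 3, 4, 3, 4, 5, 6, 7, 0]   # output bit k copies input bit E_TABLE[k]
P_TABLE = [2, 6, 0, 5, 3, 7, 1, 4]               # output bit k copies input bit P_TABLE[k]
S1 = [((i * 7 + (i >> 3)) ^ (i >> 1)) & 0xF for i in range(64)]   # constructed
S2 = [((i * 11) ^ (i >> 2) ^ 0x5) & 0xF for i in range(64)]       # constructed
SBOXES = (S1, S2)


def bit(x, k):
    return (x >> k) & 1


def apply_bit_table(x, table):
    """Output bit k = input bit table[k]; linear over XOR whatever the table is."""
    y = 0
    for k, src in enumerate(table):
        y |= bit(x, src) << k
    return y


def expand(r):
    return apply_bit_table(r, E_TABLE)


def permute(s):
    return apply_bit_table(s, P_TABLE)


def inverse_permute(y):
    x = 0
    for k, src in enumerate(P_TABLE):
        x |= bit(y, k) << src
    return x


def chunks6(t):
    """Split the 12-bit expanded value into the two 6-bit S-box inputs."""
    return [(t >> 6) & 0x3F, t & 0x3F]


def join4(a, b):
    return (a << 4) | b


def round_function(r, round_key):
    """Unmasked reference: P(S(E(r) XOR k))."""
    c1, c2 = chunks6(expand(r) ^ round_key)
    return permute(join4(S1[c1], S2[c2]))


def masked_tables(u, v):
    """Tables for a mask u on the 8-bit half-block input and a mask v wanted on the
    8-bit round-function output.  The S-box layer sees E(u) on its input and must
    emit P^-1(v) on its output, so those transformed masks go into the tables:
        table_j[x ^ E(u)_j] == S_j[x] ^ (P^-1 v)_j
    (built here straight from S_j, i.e. the claim-1 regeneration applied once to
    an unmasked table)."""
    in_masks = chunks6(expand(u))                 # transformed first input mask
    pv = inverse_permute(v)                       # transformed second input mask
    out_masks = [(pv >> 4) & 0xF, pv & 0xF]
    return [[s[i ^ mi] ^ mo for i in range(64)]
            for s, mi, mo in zip(SBOXES, in_masks, out_masks)]


def masked_round_function(masked_r, round_key, tables):
    """Runs on r ^ u without ever forming r; returns round_function(r, k) ^ v."""
    c1, c2 = chunks6(expand(masked_r) ^ round_key)   # = E(r) ^ k ^ E(u), E being linear
    return permute(join4(tables[0][c1], tables[1][c2]))  # = P(S ^ P^-1 v) = P(S) ^ v


def check(r, round_key, u, v):
    tables = masked_tables(u, v)
    return masked_round_function(r ^ u, round_key, tables) ^ v == round_function(r, round_key)


def check_all_inputs(round_key=0x3C7, u=None, v=None):
    """Exhaustive check over every 8-bit r for one (by default random) mask pair."""
    u = secrets.randbelow(256) if u is None else u
    v = secrets.randbelow(256) if v is None else v
    return all(check(r, round_key, u, v) for r in range(256))
```

The same argument carries over to real DES unchanged, since the DES E and P tables are bit selections too; only the table sizes differ.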

Claim 21

Original Legal Text

21. The circuit of claim 11, further comprising a coprocessor.

Plain English Translation

A circuit for processing data includes a main processor and a coprocessor. The main processor executes primary computational tasks, while the coprocessor handles specialized or offloaded operations to improve efficiency. The coprocessor is integrated into the circuit to assist the main processor by performing tasks such as encryption, decryption, or other parallel processing functions. This configuration enhances overall system performance by distributing workloads between the main processor and the coprocessor, reducing processing time and energy consumption. The circuit is designed to optimize computational efficiency in applications requiring high-speed data processing, such as cryptographic operations, signal processing, or real-time data analysis. The coprocessor operates in conjunction with the main processor, allowing for seamless task delegation and improved throughput. This architecture is particularly useful in systems where dedicated hardware acceleration is needed for specific functions, ensuring faster execution and lower power consumption compared to relying solely on the main processor. The integration of the coprocessor enables the circuit to handle complex computations more effectively, making it suitable for use in embedded systems, networking devices, or other high-performance computing environments.

Claim 22

Original Legal Text

22. A device comprising a circuit according to claim 11, arranged on a medium.

Plain English Translation

A device includes a circuit integrated onto a medium, where the circuit is designed to process signals. The circuit comprises a first component that receives an input signal and a second component that generates an output signal based on the input signal. The second component includes a configurable element that adjusts the output signal in response to a control signal. The configurable element can be dynamically modified to alter the output signal's characteristics, such as amplitude, phase, or frequency. The medium on which the circuit is arranged may be a semiconductor substrate, a flexible material, or another suitable platform. The device may be used in applications requiring signal processing, such as communication systems, sensors, or control circuits. The circuit's design allows for adaptability, enabling it to function in varying operational conditions or to meet specific performance requirements. The configurable element ensures that the output signal can be fine-tuned without requiring structural changes to the circuit, enhancing flexibility and efficiency. The overall device integrates the circuit with the medium to form a compact, functional unit suitable for integration into larger systems or standalone applications.

Claim 23

Original Legal Text

23. A non-transitory computer readable medium carrying one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to: execute a substitution operation in which an output data is selected in an original substitution table, the substitution operation being included in a cryptographic operation for encrypting or decrypting an input data, the input data of the substitution operation being based on the input data of the cryptographic operation, the substitution operation being performed using a new masked substitution table obtained from the original substitution table to perform the substitution operation, the input data being combined by Exclusive OR (XOR) operations with a new value of a first mask parameter, and the output data being combined by the XOR operations with a new value of a second mask parameter, the new masked substitution table being obtained from a previous masked substitution table by: selecting a first input mask and a second input mask; computing the new value of the first mask parameter by applying the XOR operations to a previous value of the first mask parameter and to the first input mask; computing the new value of the second mask parameter by applying the XOR operations to a previous value of the second mask parameter and to the second input mask; selecting each value in the previous masked substitution table obtained from the original substitution table; and for each selected value: computing a masked value by applying the XOR operations to the selected new value and to the second input mask, computing a masked index by applying the XOR operations to the first mask and to an original index, and storing the masked value in the new masked substitution table, the selected value being selected at the original index and the masked value being stored at the masked index, or the selected value being selected at the masked index and the masked value being stored at the original index.

Plain English Translation

This invention relates to cryptographic operations, specifically methods for securely implementing substitution operations using masked substitution tables to enhance resistance against side-channel attacks. The problem addressed is the vulnerability of cryptographic algorithms to side-channel attacks, which exploit physical characteristics like power consumption or timing to extract secret keys. The solution involves dynamically updating substitution tables used in encryption or decryption processes with masking techniques to obscure sensitive data. The system uses a non-transitory computer-readable medium storing instructions that, when executed, perform a substitution operation within a cryptographic process. The input data is combined with a first mask parameter using XOR operations before being processed by a masked substitution table. The resulting output data is then combined with a second mask parameter using XOR operations. The masked substitution table is derived from an original substitution table by applying input masks to both the table values and their indices. The first and second mask parameters are updated by XORing their previous values with new input masks. Each value in the previous masked table is processed by XORing it with the second input mask and then stored at a new index, which is computed by XORing the first input mask with the original index. This ensures that the substitution table remains dynamically masked, making it difficult for attackers to infer sensitive information from side-channel observations. The method supports both forward and reverse indexing to maintain flexibility in table updates.
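The regeneration step of claim 23, with both storage options the claim names, combined with the random processing order of claim 15, as an added example in Python (not the patent's own code; the 4-bit S-box, the 4-bit mask width and all names are constructed for the illustration). The check a practitioner runs after every refresh is that the new table still satisfies table[x ^ m1] == S[x] ^ m2 for every x, while the original S-box is never re-read: each table is derived from the previous masked table only.

```python
import secrets

# Constructed 4-bit bijective S-box (any permutation works; AES would use 256 entries).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SIZE = len(SBOX)


def regenerate(prev_table, u, v, variant="masked_index", random_order=True):
    """Next masked table from the previous one (the original S-box is not re-read).

    variant="masked_index":   read prev[i],     store at new[i ^ u]
    variant="original_index": read prev[i ^ u], store at new[i]
    These are the two storage options of claim 23 and yield the same table.
    random_order=True walks the entries in a shuffled order (claim 15), so the
    sequence of memory accesses does not follow i = 0, 1, 2, ...
    """
    order = list(range(SIZE))
    if random_order:
        secrets.SystemRandom().shuffle(order)
    new_table = [None] * SIZE
    for i in order:
        if variant == "masked_index":
            new_table[i ^ u] = prev_table[i] ^ v
        else:
            new_table[i] = prev_table[i ^ u] ^ v
    return new_table


class MaskedSbox:
    """Current masked table with its mask parameters m1 (input) and m2 (output)."""

    def __init__(self, rng=secrets.randbelow):
        self.rng = rng
        self.table, self.m1, self.m2 = list(SBOX), 0, 0   # unmasked start state
        self.refresh()

    def refresh(self, variant="masked_index"):
        u, v = self.rng(SIZE), self.rng(SIZE)              # fresh first/second input masks
        self.m1 ^= u                                       # m1' = m1 ^ u
        self.m2 ^= v                                       # m2' = m2 ^ v
        self.table = regenerate(self.table, u, v, variant=variant)

    def masked_lookup(self, masked_x):
        """Caller holds x ^ m1 only; the result is SBOX[x] ^ m2."""
        return self.table[masked_x]


def invariant_holds(box):
    return all(box.table[x ^ box.m1] == SBOX[x] ^ box.m2 for x in range(SIZE))


def substitute_via_mask(box, x):
    """Whole masked path for one value: mask, look up, unmask."""
    return box.masked_lookup(x ^ box.m1) ^ box.m2


def storage_variants_agree(prev_table, u, v):
    return (regenerate(prev_table, u, v, "masked_index", random_order=False)
            == regenerate(prev_table, u, v, "original_index", random_order=True))
```

`storage_variants_agree` also shows that the shuffled order changes only when each entry is written, never what is written, which is why the random order of claim 15 costs nothing in correctness.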

Patent Metadata

Filing Date

Unknown

Publication Date

March 3, 2020

Inventors

Antoine WURCKER
Christophe CLAVIER


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHODS FOR PROTECTING SUBSTITUTION OPERATION USING SUBSTITUTION TABLE AGAINST A SIDE-CHANNEL ANALYSIS” (10581588). https://patentable.app/patents/10581588
